New Linux Repository Signing Keys for Jenkins 2.397 and 2.387.2

Debian workaround for LTS

The Debian installation instructions for Jenkins LTS create the following line in /etc/apt/sources.list.d/jenkins.list:

deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/

That configuration ensures that the jenkins-keyring is used to validate packages from the Jenkins Debian stable repository and is not used for packages from any other repository. When that configuration is used with the previous PGP key on Debian 11, apt-get reports this error:

Reading package lists... Done
W: GPG error: https://pkg.jenkins.io/debian-stable binary/ Release: The following signatures were invalid: EXPKEYSIG FCEF32E745F2C3D5 Jenkins Project <jenkinsci-board@googlegroups.com>
E: The repository 'https://pkg.jenkins.io/debian-stable binary/ Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

The update fails because the only signature on the Release file was made with the expired key (EXPKEYSIG), so apt-get treats the https://pkg.jenkins.io/debian-stable repository as not signed.

The error can be temporarily converted to a warning by using the following change in /etc/apt/sources.list.d/jenkins.list:

deb [allow-insecure=yes] https://pkg.jenkins.io/debian-stable binary/

That setting applies only to the debian-stable repository: apt-get still reports the failed PGP signature check but no longer refuses to use the repository. Once Jenkins 2.387.2 is released, the original configuration can be restored to use the jenkins-keyring.

The messages from apt-get are then warnings instead of errors and look like this:

Reading package lists... Done
W: GPG error: https://pkg.jenkins.io/debian-stable binary/ Release: The following signatures were invalid: EXPKEYSIG FCEF32E745F2C3D5 Jenkins Project <jenkinsci-board@googlegroups.com>
W: The repository 'https://pkg.jenkins.io/debian-stable binary/ Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.

When the install is run with apt-get install jenkins, the output looks like this:

$ sudo apt-get install jenkins
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  net-tools
The following NEW packages will be installed:
  jenkins net-tools
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 96.1 MB/96.3 MB of archives.
After this operation, 99.4 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
WARNING: The following packages cannot be authenticated!
  jenkins
Install these packages without verification? [y/N] y
Get:1 https://pkg.jenkins.io/debian-stable binary/ jenkins 2.387.1 [96.1 MB]
Fetched 96.1 MB in 5s (20.8 MB/s)
Selecting previously unselected package net-tools.
(Reading database ... 202724 files and directories currently installed.)
Preparing to unpack .../net-tools_1.60+git20181103.0eebece-1_amd64.deb ...
Unpacking net-tools (1.60+git20181103.0eebece-1) ...
Selecting previously unselected package jenkins.
Preparing to unpack .../jenkins_2.387.1_all.deb ...
Unpacking jenkins (2.387.1) ...
Setting up net-tools (1.60+git20181103.0eebece-1) ...
Setting up jenkins (2.387.1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/jenkins.service → /lib/systemd/system/jenkins.service.
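
An added example, not part of the original post or of the Jenkins project's tooling: a shell script that lists apt source entries which relax signature verification, so the temporary workaround is not left in place, and that restores the signed-by line for the Jenkins LTS repository. The function names and the repo.example.invalid entry are constructed for illustration; besides allow-insecure, the audit also flags the allow-weak, allow-downgrade-to-insecure and trusted options from sources.list(5).

```shell
#!/bin/sh
# Added example (not from the Jenkins project): find apt source entries that
# relax signature checks, and put the Jenkins LTS entry back on signed-by.
# The repository URL and keyring path are the ones shown in this post.
JENKINS_REPO='https://pkg.jenkins.io/debian-stable'
JENKINS_KEYRING='/usr/share/keyrings/jenkins-keyring.asc'

# Print file:line:entry for each active deb/deb-src line whose option block
# disables or weakens verification. Commented-out lines are ignored.
# Exit status 0 means at least one such entry exists.
find_insecure_sources() {
    grep -HnE '^[[:space:]]*deb(-src)?[[:space:]]+\[[^]]*(allow-insecure|allow-weak|allow-downgrade-to-insecure|trusted)=yes[^]]*\]' "$@"
}

# Replace the option block of the Jenkins LTS entry in file $1 with signed-by.
# Entries for other repositories are left alone; a .bak copy is kept.
# Assumption: the entry carries no other options worth preserving.
restore_jenkins_signed_by() {
    sed -i.bak -E \
        "s#^([[:space:]]*deb[[:space:]]+)\[[^]]*allow-insecure=yes[^]]*\]([[:space:]]+${JENKINS_REPO}[[:space:]])#\1[signed-by=${JENKINS_KEYRING}]\2#" \
        "$1"
}

# Demonstration on a constructed file, so nothing under /etc/apt is touched.
demo() {
    demo_dir=$(mktemp -d) || return 1
    demo_file="$demo_dir/jenkins.list"
    printf '%s\n' \
        'deb [allow-insecure=yes] https://pkg.jenkins.io/debian-stable binary/' \
        'deb [trusted=yes] https://repo.example.invalid/debian stable main' \
        > "$demo_file"
    echo 'Before:'; find_insecure_sources "$demo_file"
    restore_jenkins_signed_by "$demo_file"
    echo 'After:';  find_insecure_sources "$demo_file"
    rm -rf "$demo_dir"
}

demo
```

On a real host the audit would be pointed at /etc/apt/sources.list and /etc/apt/sources.list.d/*.list, and the restore at /etc/apt/sources.list.d/jenkins.list, followed by apt-get update to confirm the EXPKEYSIG warning is gone.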